Hi all,
in my logs this line appeared today:
2016-01-12 19:50:41.892 [WARN ] [.io.net.http.SecureHttpContext] - authentication of user ‘elizabeth bennet’ failed
what does that mean? i don’t know an elizabeth…
how can this happen?
A few thoughts:
More detail on how/where you are running OpenHAB would help too…
All the best,
my.openHAB does not send any usernames in its requests back to openHAB - they are explicitly deleted from the request. Moreover, a request will not pass through my.openHAB if the user was not authenticated. So these requests should have come directly to your openHAB somehow, either from the local network, or from a hole in your router/firewall, if you have one…
thx for your answers, whoa ok!
only one log entry, no brute force i guess.
i had several ports (8080, 9090, 8443) forwarded to my Raspberry Pi 2… including port 22 for SSH…
although i have unique and really strong passwords that security hole never really came to my mind.
now i deleted all forwardings (except 1883 for mqtt, without it it won’t work) and everything else still works as expected.
i’ll try to change the mqtt port.
remotely accessing my Pi is really convenient, now i have to think about more secure way to do so.
cheers,
stefan
Opening 8080/8443 may allow anyone on the internet to initiate a connection to your OH instance. I would suggest looking into setting up an OpenVPN or IPSEC VPN server on your internal network, and use secure VPN clients to connect to it.
Best regards,
ok, good to know, thx!
my router (a Fritz!Box) can create an IPSEC VPN, so I created that just right now.
I can connect to it and then SSH into the RPi from “within” my network… perfect.
setting this up was so simple that I feel a little bit ashamed I didn’t do it earlier
thx for your valuable input!
stefan
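One way to check the "only one log entry, no brute force" reading against the log itself, as an added example that is not part of the original thread: it parses lines in the format quoted in the first post and labels the failed logins as isolated or a burst. The 5-minute window, the threshold of 5 and every sample line except the quoted one are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Matches the WARN line quoted in the thread; accepts straight or curly quotes.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \[WARN\s*\] "
    r"\[\S*SecureHttpContext\] - authentication of user "
    r"['‘’](?P<user>.*)['‘’] failed\s*$"
)

def parse_failures(lines):
    """Return a time-sorted list of (timestamp, username) for failed logins."""
    out = []
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
            out.append((ts, m.group("user")))  # username is untrusted input
    return sorted(out)

def classify(failures, window=timedelta(minutes=5), threshold=5):
    """'none', 'isolated', or 'burst' (>= threshold failures inside window)."""
    if not failures:
        return "none"
    times = [ts for ts, _ in failures]
    start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1  # slide the window forward
        if end - start + 1 >= threshold:
            return "burst"
    return "isolated"

def users_tried(failures):
    """Count failed attempts per submitted username."""
    return dict(Counter(user for _, user in failures))

PREFIX = "[WARN ] [.io.net.http.SecureHttpContext] - authentication of user"
# First line is the one quoted in the thread; the INFO line is constructed.
SAMPLE_SINGLE = [
    f"2016-01-12 19:50:41.892 {PREFIX} ‘elizabeth bennet’ failed",
    "2016-01-12 19:50:42.010 [INFO ] [constructed.Example] - unrelated entry",
]
# Constructed burst: six guesses one second apart.
SAMPLE_BURST = [
    f"2016-01-12 19:51:{s:02d}.000 {PREFIX} '{u}' failed"
    for s, u in enumerate(["admin", "pi", "root", "openhab", "admin", "guest"])
]
```

A single "isolated" result still means something outside the expected user base reached the login endpoint, which is why the port-forward review in the thread matters either way.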